Add exitpoint for legacy classifier app

Classifier app currently sends the packet directly to portsec
app. This is Bad. As described in the bug, metadata stored in
registers can be lost.

This change adds a classifier exitpoint table, and classifier
app sends the packets there. The datapath wiring then sends
the packet to the portsec app (if so configured).

This is important, since sometimes the datapath code allocates different
registers to the same metadata across different applications, and registers
are moved. Skipping this behaviour causes errors.

Closes-Bug: #1815416
Change-Id: I38f14e8faa45e4ef3740bdbee78bd493f6d602ab
Omer Anson 2019-02-10 12:12:35 +02:00
parent 8f0e67da2e
commit 8976a2cf9e
3 changed files with 3 additions and 2 deletions

@ -35,7 +35,7 @@ class ClassifierApp(df_base_app.DFlowApp):
self.add_flow_go_to_table(
table=const.INGRESS_CLASSIFICATION_DISPATCH_TABLE,
priority=const.PRIORITY_DEFAULT,
goto_table_id=self.dfdp.apps['portsec'].entrypoints.default,
goto_table_id=const.INGRESS_CLASSIFICATION_EXITPOINT_TABLE,
)
@df_base_app.register_event(
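Review bot: The goto_table_id target in this add_flow_go_to_table call is now unconditional, while the commit message says the packet only reaches portsec "if so configured". Nothing in the visible change states what happens to a packet that lands in INGRESS_CLASSIFICATION_EXITPOINT_TABLE when no edge is wired from it. Please document the expected behaviour for that case next to this call, and consider adding a test for it, since none of the three changed files is a test.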

@ -26,6 +26,7 @@
# translated to network id and the packet is forwarded to
# INGRESS_DESTINATION_PORT_LOOKUP_TABLE.
INGRESS_CLASSIFICATION_DISPATCH_TABLE = 0
INGRESS_CLASSIFICATION_EXITPOINT_TABLE = 1
# Detect reg6 (provider network and dNAT)
EXTERNAL_INGRESS_DETECT_SOURCE_TABLE = 2
# Next 2 tables are related to connection tracking and packet filtering.
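Review bot: INGRESS_CLASSIFICATION_EXITPOINT_TABLE = 1 is added without a comment, and it sits directly under the comment block that describes INGRESS_CLASSIFICATION_DISPATCH_TABLE, so that description now reads as if it covered both constants. Add a short comment above the new constant saying it is the classifier's exitpoint table, from which the datapath wiring forwards the packet.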

@ -3,6 +3,6 @@ vertices:
type: portsec
edges:
dragonflow-legacy.out.5: portsec.in.default
dragonflow-legacy.out.1: portsec.in.default
portsec.out.default: dragonflow-legacy.in.10
portsec.out.services: dragonflow-legacy.in.20
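Review bot: The edge dragonflow-legacy.out.1 repeats the value of INGRESS_CLASSIFICATION_EXITPOINT_TABLE as a bare number, so renumbering the constant later would leave this wiring out of step with the classifier. A YAML comment on that line naming the constant would make the coupling visible. The commit message could also say why out.5 is no longer used as the source of this edge, since the hunk drops it without explanation.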